Ransomware is a class of cyber attack in which the attacker encrypts the victim's data or otherwise blocks access to it (and, increasingly, steals a copy of it) and demands payment to restore access or to withhold publication. Understanding the different variants matters because the right defence differs between them: offline backups defeat pure encryption, for example, but do nothing against the threat to leak stolen data.
This article walks through the main types of ransomware, how each one works, real incidents that illustrate it, and what you can do to prevent it. If the worst happens and you do fall victim, you will also know how to react.
The Types of Ransomware Attacks
The sections below cover the following variants. Leakware and doxware are two names for the same extortion tactic and are treated together, and several of the categories overlap in practice: modern gangs routinely combine them, for example RaaS-delivered crypto ransomware with double extortion.
- Crypto/Encrypting Ransomware
- Scareware
- Screen Locking Ransomware
- Mobile Ransomware
- Leakware (Doxware)
- DDoS Ransomware (Ransom DDoS)
- RaaS (Ransomware as a Service)
- Double Extortion Ransomware
Let's explore them below.
Encrypting/Crypto Ransomware
Encrypting (crypto) ransomware encrypts the victim's files and demands payment for the decryption key. It remains the most common and most damaging form of ransomware, affecting individuals and organizations of every size.
How It Works
The attacker first gains access to the victim's computer or network, typically through a phishing email, stolen or brute-forced remote-access credentials, or an unpatched internet-facing service. In attacks on organizations the crew then moves laterally, escalates privileges and deletes or encrypts reachable backups before deploying the encryptor to as many systems as possible at once. The ransomware encrypts the victim's files with a key only the attacker holds, rendering them inaccessible, and leaves a ransom note. The attacker then demands payment, usually in cryptocurrency, in return for the decryption key that will unlock the data.
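The following is an added example (not code from the article) of the kind of check a defender can run to spot an encryption run in progress or after the fact. It combines three signals: ransom-note file names, extensions that ransomware families append to the files they encrypt, and byte entropy, since ciphertext looks like random data while documents do not. The indicator lists, the directory layout it builds and the thresholds are assumptions for illustration; the sample files are constructed in a temporary directory so the script runs offline.

```python
"""Filesystem indicators of a ransomware encryption run (added example, assumed indicator lists)."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Illustrative indicator sets; real campaigns use far more extensions and note names.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wncry"}
RANSOM_NOTE_NAMES = {"readme.txt", "how_to_decrypt.txt", "@please_read_me@.txt"}
# Compressed and media formats are high-entropy by nature; skip them to avoid false positives.
ALREADY_COMPRESSED = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext and random data approach 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def scan_directory(root: str, sample_bytes: int = 65536) -> dict:
    """Collect three indicators: ransom notes, suspicious extensions, high-entropy files."""
    findings = {"ransom_notes": [], "suspicious_ext": [], "high_entropy": [], "files": 0}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        findings["files"] += 1
        name, ext = path.name.lower(), path.suffix.lower()
        if name in RANSOM_NOTE_NAMES:
            findings["ransom_notes"].append(str(path))
        if ext in SUSPICIOUS_EXTENSIONS:
            findings["suspicious_ext"].append(str(path))
        if ext in ALREADY_COMPRESSED:
            continue
        with open(path, "rb") as fh:
            head = fh.read(sample_bytes)          # the first 64 KiB is enough to judge entropy
        if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
            findings["high_entropy"].append(str(path))
    return findings


def is_likely_encryption_run(findings: dict) -> bool:
    """One strong indicator, or a large share of scrambled files, triggers an alert."""
    if findings["ransom_notes"] or len(findings["suspicious_ext"]) >= 3:
        return True
    files = findings["files"]
    return files >= 4 and len(findings["high_entropy"]) / files >= 0.5


def build_sample_tree(root: str, infected: bool) -> None:
    """Constructed test data: plain documents, one JPEG-like blob and, if infected,
    three 'encrypted' files (random bytes standing in for ciphertext) plus a ransom note."""
    base = Path(root)
    for i in range(3):
        (base / f"report{i}.txt").write_bytes(b"quarterly revenue figures\n" * 100)
    (base / "photo.jpg").write_bytes(os.urandom(4096))    # high entropy, but legitimately so
    if infected:
        for doc in ("invoice.docx", "notes.txt", "budget.xlsx"):
            (base / f"{doc}.locked").write_bytes(os.urandom(4096))
        (base / "HOW_TO_DECRYPT.txt").write_text("your files are encrypted; pay to decrypt\n")


def demo(infected: bool = True) -> tuple:
    """Build a sample tree in a temporary directory, scan it and return (findings, verdict)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, infected)
        findings = scan_directory(tmp)
    return findings, is_likely_encryption_run(findings)


if __name__ == "__main__":
    result, verdict = demo()
    print(f"files={result['files']} high_entropy={len(result['high_entropy'])} "
          f"suspicious_ext={len(result['suspicious_ext'])} notes={len(result['ransom_notes'])} "
          f"-> encryption run likely: {verdict}")
```

The entropy signal on its own is noisy, because archives and images are also close to 8 bits per byte; that is why the example skips known-compressed extensions and requires either a strong indicator or a large share of scrambled files before it raises an alarm. In production the same signals are usually collected by EDR or a file-integrity monitor and correlated with mass rename and write events, which is what lets a defender isolate the machine while encryption is still running.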
Examples
WannaCry, which spread globally in May 2017 by exploiting the EternalBlue SMBv1 vulnerability (patched by Microsoft in MS17-010 two months earlier), is one of the best-known examples of encrypting ransomware.
A more recent example is the Clop campaign against Fortra's GoAnywhere MFT file-transfer product, which had been running for about two months as of March 2023. The Clop gang claimed around 130 victims after exploiting a previously unknown (zero-day) vulnerability in the product. In many of those intrusions the gang reportedly stole data and extorted victims without deploying an encryptor at all, so the campaign also illustrates the leakware tactic described later in this article.
Following a year in which fewer attacks were reported and fewer victims were willing to pay to unlock their systems or keep stolen data private, ransomware gangs are clearly experimenting with new techniques, mass exploitation of a single widely used file-transfer product being one of them.
Prevention and Mitigation Strategies
Preventing encrypting ransomware takes layered controls rather than any single product. The most effective are:
- Back up your data regularly, keep at least one copy offline or immutable (intruders look for and delete any backup they can reach), and test that you can actually restore from it.
- Patch software and operating systems promptly, prioritizing internet-facing services and vulnerabilities known to be exploited.
- Run endpoint protection (antivirus or EDR) and firewalls, and do not expose remote desktop or other remote-access services directly to the internet.
- Require multi-factor authentication for remote access and administrative accounts.
- Train employees to recognize and report phishing emails and other social engineering attempts.
- Limit access to vital data and systems (least privilege and network segmentation) so that one compromised account cannot reach everything.
If an attack does happen:
- Disconnect infected systems from the network immediately to stop the encryption and any lateral movement from spreading.
- Do not pay the ransom if you can avoid it: paying funds further attacks and does not guarantee that the decryptor you receive will work.
- Preserve evidence (ransom notes, a sample of the malware, logs) and contact law enforcement and incident-response specialists to help recover your data and identify the perpetrators; for some ransomware families, free decryptors exist.
Scareware Ransomware
Scareware, often called fake or rogue antivirus, is a scam that dupes victims into believing their machine is infected with a virus or other malware. The attackers then demand payment for a bogus remedy. Strictly speaking it is fraud rather than ransomware, since nothing is actually encrypted or locked, but it is usually grouped with ransomware because it relies on the same pay-to-fix pressure.
How It Works
Scareware usually appears as pop-up warnings in the browser or on the desktop. The fake alerts warn of a virus or malware infection and may show a bogus scan that "finds" malware on the victim's machine. The victim is then pushed to buy a fake antivirus product, or to call a "support" number where a scammer sells a fix that does nothing.
Examples
The "Windows Defender Alert: Zeus Virus" hoax is a long-running tech-support scam. A web page styled as a Microsoft alert claims that the computer has been infected with the Zeus virus and urges the victim to call a bogus Microsoft support number to remedy the problem. The page typically opens full-screen and resists being closed, which makes the browser appear locked.
On the phone, the scammers persuade the victim to pay for fake antivirus software or a "repair", and often to grant them remote access to the machine, which can end with real malware being installed.
The infamous "Antivirus XP" (also sold as "XP Antivirus") rogue of the late 2000s is a classic example. It used pop-up notifications claiming that the victim's machine was infected and that they needed to buy a bogus antivirus product to clean it.
Other examples include the "FBI MoneyPak" scam, the Reveton family. The victim's screen was locked with a message claiming that the FBI had locked the computer for illegal activity and that a fine had to be paid with MoneyPak vouchers to unlock it. Technically this is a screen locker, covered in the next section, but it borrows scareware's fake-authority message.
Prevention and Mitigation Strategies
Preventing scareware is mostly a matter of user awareness and browser hygiene:
- Install and keep updated a reputable antivirus or endpoint protection product, and know what its real alerts look like.
- Be wary of pop-up messages or emails claiming that your computer is infected; no legitimate vendor asks you to call a number shown in a pop-up.
- Never click links or download attachments from unknown sources.
- Enable your browser's pop-up blocker and keep the browser updated.
- Back up your data regularly.
If you do fall victim to a scareware attack:
- Close the browser (force-quit it if the page will not close) and disconnect the computer from the internet.
- Scan the machine with reputable antivirus software to detect and remove anything that was installed.
- Do not pay: the "fix" does nothing, and a card payment hands the scammers your card details. If you already paid, contact your bank.
- Contact law enforcement and cybersecurity specialists for assistance.
Screen Locking Ransomware
Screen-locking (locker) ransomware locks the screen of a victim's computer or mobile device so that it cannot be used. Unlike crypto ransomware it does not normally encrypt files; the attacker simply demands payment to unlock the device.
How It Works
Screen-locking ransomware typically shows a full-screen message claiming that the device has been locked because of illegal conduct or a security breach, often impersonating the police or a government agency. The message threatens legal action or permanent data deletion and says the device will only be unlocked after payment. Because the files are usually untouched, the data can often be recovered by booting from other media or by removing the malware's startup entry.
Examples
Ragnar Locker, despite its name, is not a screen locker: it is an encrypting-and-exfiltrating ransomware family used in targeted attacks on corporate networks, and is better read as an example of the double extortion described at the end of this article.
A true locker renders the desktop inaccessible after it infects the machine. The victim may be unable to reach the desktop or their programs but can still use the mouse and keyboard within the locker's own window.
The "Koler" family is a genuine screen locker. It targets Android mobile devices and claims that law enforcement has locked the device because of criminal activity. LockerGoga, which hit industrial companies such as Norsk Hydro in 2019, is sometimes cited as a locker because some variants changed local account passwords and logged users off, locking operators out of their machines; at its core, however, it is file-encrypting malware.
Prevention and Mitigation Strategies
Screen-locking ransomware can be prevented with the same basic hygiene as other malware. Some strategies include:
- Installing and updating reliable antivirus software
- Being wary of emails or messages that say your device has been locked
- Applying security patches for your software and operating system promptly
- Maintaining regular data backups
- Using multi-factor authentication and strong, unique passwords
If you do fall victim to a screen-locking ransomware attack, here are some steps you can take:
- Disconnect the device from the internet to prevent further damage
- Boot into safe mode or from rescue media and run an antivirus scan; lockers usually survive only as a startup entry that a scan or manual removal can clear
- Do not pay the ransom
- Contact the police and cybersecurity experts
Mobile Ransomware
Mobile ransomware is ransomware that targets smartphones and tablets. It infects the device with a malicious app, then prevents the user from accessing the device or their data until a ransom is paid.
How It Works
Mobile ransomware is usually distributed through malicious apps from untrustworthy sources, sideloaded from links in messages or forum posts, or through phishing that tricks the user into installing the app. Once installed, the app abuses permissions such as device-administrator or accessibility rights to lock the screen, or it encrypts the user's files. The perpetrator then demands money in exchange for restoring access.
Examples
A well-documented example is Android/Filecoder.C, discovered by ESET in July 2019. It was spread through links posted in online forums such as Reddit and XDA Developers, and once installed it sent SMS messages containing a download link to the victim's contacts to spread further, encrypted files on the device and demanded a Bitcoin ransom for the decryption key. It was distributed outside Google Play, so the protections of the official store did not apply.
Prevention and Mitigation Strategies
You can reduce the risk of mobile ransomware by doing the following:
- Only install apps from trusted, official app stores, and do not enable installation from unknown sources
- Avoid suspicious messages, emails and update prompts, especially links that arrive by SMS
- Keep mobile security software, if you use it, up to date
- Keep the OS updated with the latest security patches
- Use multi-factor authentication and strong passwords
- Back up your data regularly
If you think your phone has malware on it, here are some steps you can take:
- Take the phone offline immediately (airplane mode) so the malware cannot spread or receive commands.
- Scan it with a reputable mobile security app, or boot into safe mode and uninstall the offending app.
- Ignore the ransom demand and do not pay it.
- Reach out to a cybersecurity expert and inform the police.

Leakware Ransomware
Leakware, also known as doxware, is ransomware that threatens to publish stolen data unless a ransom is paid. It is a particular concern for organizations that handle sensitive data, such as financial and medical institutions, because a backup restores availability but cannot undo a leak.
How It Works
The attacker gains access through a phishing email or by exploiting a vulnerability in an exposed system. Once inside, the attacker searches for sensitive or confidential data and copies it out of the network (exfiltration), often over ordinary encrypted web connections or to cloud storage so that it blends in with normal traffic. Some leakware also encrypts the data it has copied and demands a ransom for decryption, which is the double extortion described later; pure leakware skips the encryption and relies on the threat of publication alone. If the ransom is not paid, the attacker publishes the stolen data, usually on a dedicated leak site.
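Because leakware depends on moving data out of the network, an exfiltration check is the detection that complements the file-level checks used against encryption. The following is an added example (not code from the article) that compares each host's daily outbound bytes with the median of its recent history and flags a day that is both far above baseline and large in absolute terms, listing any destinations the host had never sent data to before. The daily egress records are constructed inline in the shape a firewall or NetFlow summary would give; the host names, destinations and thresholds are assumptions.

```python
"""Egress-volume anomaly check for data exfiltration (added example, constructed data)."""
from collections import defaultdict
from statistics import median

MB = 1 << 20
GB = 1 << 30


def detect_exfiltration(records, ratio=10.0, min_bytes=GB, history_days=7, min_history=3):
    """records: iterable of (day, host, destination, bytes_out), one row per host/destination/day.
    A day is flagged when bytes_out >= min_bytes and >= ratio * median(previous history_days)."""
    totals = defaultdict(lambda: defaultdict(int))        # host -> day -> bytes
    dests = defaultdict(lambda: defaultdict(set))         # host -> day -> destinations
    for day, host, dest, nbytes in records:
        totals[host][day] += nbytes
        dests[host][day].add(dest)

    alerts = []
    for host in sorted(totals):
        by_day = totals[host]
        seen = set()                                      # destinations used on earlier days
        days = sorted(by_day)
        for i, day in enumerate(days):
            history = [by_day[d] for d in days[max(0, i - history_days):i]]
            todays_dests = dests[host][day]
            if len(history) >= min_history:               # too little history: learn, do not judge
                baseline = median(history)
                total = by_day[day]
                if total >= min_bytes and total >= ratio * max(baseline, 1):
                    alerts.append({
                        "host": host,
                        "day": day,
                        "bytes": total,
                        "baseline": baseline,
                        "new_destinations": sorted(todays_dests - seen),
                    })
            seen |= todays_dests
    return alerts


def build_sample_egress() -> list:
    """Constructed daily egress summaries (day, host, destination, bytes_out); not real traffic.
    Two weeks of routine traffic, then one host sends 40 GiB to an address it has never used."""
    rows = []
    for day in range(1, 15):
        rows.append((day, "fileserver01", "backup.example.net", (200 + 15 * (day % 5)) * MB))
        rows.append((day, "ws-alice", "mail.example.net", (40 + 3 * (day % 4)) * MB))
    rows.append((15, "fileserver01", "backup.example.net", 230 * MB))
    rows.append((15, "fileserver01", "203.0.113.50", 40 * GB))     # the exfiltration
    rows.append((15, "ws-alice", "mail.example.net", 55 * MB))
    return rows


if __name__ == "__main__":
    for alert in detect_exfiltration(build_sample_egress()):
        print(f"{alert['host']} day {alert['day']}: {alert['bytes'] / GB:.1f} GiB out, "
              f"baseline {alert['baseline'] / MB:.0f} MiB, "
              f"new destinations {alert['new_destinations']}")
```

A median baseline is deliberately robust to a single earlier spike (a legitimate bulk transfer) pulling the threshold up, and the absolute floor stops quiet hosts from alerting on trivial increases. Attackers who know this kind of check exists throttle the transfer over many days or route it through services the host already talks to, so the new-destination list is a supporting signal rather than a requirement.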
Examples
The 2016 attack on Hollywood Presbyterian Medical Center, in which the hospital paid a ransom of about $17,000 (40 bitcoin), is sometimes described as leakware but was in fact an encryption attack that locked staff out of their systems; the $3.6 million demand reported at the time was inaccurate. A better fit for this section is Clop's 2023 campaign against GoAnywhere MFT customers, in which the gang reportedly stole data from many victims and extorted them with the threat of publication rather than by encrypting their files.
Prevention and Mitigation Strategies
Backups remain essential, since leakware often comes bundled with encryption, but they do not prevent a leak. Organizations should also educate staff to recognize and avoid phishing emails, keep software and security systems patched to close the vulnerabilities attackers exploit, and apply least privilege so that one compromised account cannot read the whole data estate. Encrypting sensitive data at rest, monitoring for unusual outbound transfers, and having a plan for notifying regulators and affected customers all limit the damage once data has left the network.
DDoS Ransomware
DDoS (distributed denial-of-service) ransomware, often called ransom DDoS or RDoS, floods a victim's website or network with traffic from many sources with the aim of overwhelming it. The attacker demands payment in exchange for stopping the attack, or sends the extortion note first with a short demonstration attack as proof. It involves no malware on the victim's own systems, which is why it is sometimes classed as extortion rather than ransomware.
How It Works
The attacker infects a large number of computers or IoT devices and turns them into bots under remote control (a botnet), or rents time on someone else's. On command, the bots send requests to the target website or network until it crashes or becomes unreachable under the load. The attacker then demands payment to halt the attack.
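As an added example (not part of the original article), the following script shows the flood detection behind the advice below to detect and block DDoS traffic: it parses web-server access logs in the common combined format and counts requests per source within a sliding time window. The log lines it analyses are constructed inline using documentation (TEST-NET) addresses, and the window and threshold values are assumptions that would be tuned to real traffic.

```python
"""Sliding-window request-rate detection over access logs (added example, constructed log)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format as written by nginx/Apache; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return (ip, timestamp, request) or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT), m.group("req")


def peak_rates(lines, key, window=timedelta(seconds=10)) -> dict:
    """Peak request count inside any sliding `window`, grouped by key(ip, request).
    Lines must be in timestamp order, as a live log tail is."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, req = parsed
        k = key(ip, req)
        q = recent[k]
        q.append(ts)
        while ts - q[0] > window:                 # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > peaks.get(k, 0):
            peaks[k] = len(q)
    return peaks


def flood_sources(lines, threshold=50, window=timedelta(seconds=10)) -> dict:
    """Single IPs that exceeded `threshold` requests in `window`: direct floods or the busiest
    members of a botnet. A well-distributed flood can stay under any per-IP threshold, so the
    site-wide rate from total_peak() must be watched as well."""
    per_ip = peak_rates(lines, key=lambda ip, req: ip, window=window)
    return {ip: n for ip, n in per_ip.items() if n >= threshold}


def total_peak(lines, window=timedelta(seconds=10)) -> int:
    """Peak site-wide request count in any window, regardless of source."""
    return peak_rates(lines, key=lambda ip, req: "all", window=window).get("all", 0)


def build_sample_log() -> list:
    """Constructed log: one source (a TEST-NET-3 address) firing 40 requests per second for 5 s
    beside two ordinary clients. Not captured from a real incident."""
    base = datetime(2023, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(200):                                   # flood: 200 requests in 5 seconds
        events.append((base + timedelta(seconds=i // 40), "203.0.113.7", "GET / HTTP/1.1"))
    for i in range(12):                                    # normal browsing: one request per 5 s
        events.append((base + timedelta(seconds=5 * i), "198.51.100.23", "GET /news HTTP/1.1"))
    for i in range(5):                                     # occasional API poll
        events.append((base + timedelta(seconds=13 * i), "192.0.2.44", "GET /api/status HTTP/1.1"))
    events.sort(key=lambda e: (e[0], e[1]))
    return [f'{ip} - - [{ts.strftime(TS_FORMAT)}] "{req}" 200 612 "-" "Mozilla/5.0"'
            for ts, ip, req in events]


if __name__ == "__main__":
    log = build_sample_log()
    print("flood sources:", flood_sources(log))
    print("site-wide peak per 10 s window:", total_peak(log))
```

On real traffic the per-IP view catches unsophisticated floods and the loudest bots, while a large botnet shows up mainly in the aggregate number; the same sliding-window logic is what a rate limiter at the edge or a CDN applies, only much earlier in the path, before the requests reach the origin server.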
Examples
The Mirai botnet took control of hundreds of thousands of Internet of Things (IoT) devices in 2016 and was used in a DDoS attack on Dyn, a major DNS provider, that disrupted access to many large websites for users in the United States and Europe. No ransom was demanded in that attack; it is cited here only because it shows the scale a botnet can reach.
Genuine ransom DDoS examples include DD4BC ("DDoS for Bitcoin"), which extorted online businesses in 2014 and 2015, and the 2020 campaign by a group impersonating state-sponsored actors that knocked the New Zealand stock exchange offline for several days. The REvil attack on Kaseya in July 2021, which is sometimes listed here, was not a DDoS: it was a supply-chain attack that pushed encrypting ransomware to Kaseya VSA customers, with a $70 million Bitcoin demand for a universal decryptor.
Prevention and Mitigation Strategies
- Keep all software patched and up to date, and make sure your own devices are not recruited into someone else's botnet.
- Use firewalls and intrusion detection and prevention systems that can detect and drop DDoS traffic, and rate-limit requests at the edge.
- Use a content delivery network (CDN) or DDoS scrubbing service that can absorb attack traffic and reduce its impact on your origin servers.
- Always have a DDoS response plan in place, including contacts at your ISP and scrubbing provider, and rehearse it regularly.
- Never pay the ransom; paying marks you as a target for repeat extortion.
Ransomware as a Service (RaaS)
Ransomware as a Service (RaaS) is a criminal business model rather than a distinct kind of malware: a ransomware developer rents or sells its ransomware and infrastructure to other attackers (affiliates), who use it against their own targets. RaaS has made ransomware attacks accessible and cost-effective for criminals of all skill levels, including beginners.
How It Works
A RaaS operator develops and maintains the ransomware, runs the infrastructure (command-and-control (C2) servers, the leak site, and the payment and negotiation portals) and offers support to affiliates, who rent, lease or buy access and carry out the intrusions. The operator takes a percentage of each ransom, typically reported at 20 to 30 percent, and the affiliate who executed the attack keeps the rest.
Examples
Babuk, active in 2021, is one example: the Babuk gang provided its ransomware to other cybercriminals, who targeted victims and in return gave the gang a share of the ransom payments. REvil, which appears in several other examples in this article, also operated as RaaS.
Babuk was used in multiple high-profile attacks, among them the 2021 attack on the Metropolitan Police Department in Washington, DC. The attackers demanded a $4 million payment in exchange for not revealing the stolen data, and leaked personnel files when the demand was refused.
Prevention and Mitigation Strategies
Defending against RaaS is no different from defending against the crypto and double-extortion ransomware that affiliates deploy; what changes is the number of attackers. Strong security measures such as firewalls, endpoint protection and intrusion detection systems, prompt patching, and regular tested backups of important data all still apply.
In addition, organizations should establish clear security policies, run regular security awareness training for employees, and use multi-factor authentication to blunt the credential theft and social engineering that affiliates rely on for initial access.
Victims should not pay the ransom in a RaaS attack, because doing so simply funds both operator and affiliate and encourages further attacks. Victims should notify law enforcement and seek help from security professionals to recover their data.
Double Extortion Ransomware
Double extortion ransomware combines two threats: the attackers steal a copy of the victim's data and then encrypt the originals, demanding payment both for the decryption key and for a promise not to publish what they took. The tactic was popularized by the Maze gang in late 2019 and has since become standard practice for most major groups, because it defeats the defender's best answer to pure encryption, a good backup.
How It Works
The intrusion starts like a crypto-ransomware attack, but before deploying the encryptor the attackers spend time inside the network locating and exfiltrating valuable data. The ransom note then names the stolen data and points to a leak site where it will be published, often in batches on a countdown, if the victim does not pay.
Examples
REvil's 2020 attack on the law firm Grubman Shire Meiselas & Sacks is a well-known example of double extortion. The attackers stole data from the firm's servers before encrypting it and demanded a $21 million ransom (later doubled to $42 million) to keep the stolen data private, threatening to release it in batches if the ransom was not paid. The stolen information concerned high-profile clients.